Security
Way back in 2017, the CA/Browser Forum voted on Ballot 193 – 825-day Certificate Lifetimes, which passed. In short, this means that CA-issued certificates issued after March 1st 2018 cannot have a validity period longer than 825 days. macOS Catalina enforces this change, as described in Requirements for trusted certificates in iOS 13 and macOS 10.15. So it’s been a long time coming, but most of us are only now realizing how this affects us.
Warning: This also applies to self-signed certificates, like the ones issued for VMware vSphere and related solutions such as NSX-T and others, where the default validity period is 10 years or so.
As I’ve covered before, I run my home network mostly on Ubiquiti UniFi hardware. Since this offers a lot of nifty possibilities, I figured I should try to isolate all my “IoT” devices in a separate network, while still keeping them accessible. After all, you don’t want a security issue on some sensor/automation thing you have in your house to be able to reach and encrypt your family photos, right? The thing that sits in the corner and controls the color of your lightbulbs does not need access to the same network as your other data.
Sometimes you might need to create an isolated network while still allowing that network to access the internet. Ubiquiti UniFi offers the easy option of creating a guest network for this, but that also limits traffic between devices in the same network, which might not be desirable. My primary use case for creating an isolated network is to provide my tenant with his own dedicated network, without exposing anything on my own home network — but I still want him to be able to connect his own devices to each other, if he wants to — or even replace the AP with something else, should he choose to do so. Another use case might be to create a dedicated network for all of those IoT devices that keep popping up, like Amazon Echos, Google Home and Chromecasts, as well as Philips Hue bridges etc.
I’ve recently standardized on Ubiquiti equipment in the new house, and so far I am very happy with it. Wireless is working flawlessly, which is more than I could say for my old setup. Part of the new setup is a UniFi® Security Gateway (USG) that I am using as the gateway/firewall for my fiber connection, so I thought: why not use that as my VPN termination as well?
In the last few months, I’ve seen an uptick in spoofed emails being sent using my own personal email domain. Not only is this extremely annoying, but more problematic is that recipients receive spam and phishing emails from what appears to be my personal mail account, simply because the From address has been spoofed. I don’t know why my domain and email address have been “chosen” for this, but I guess this is fallout from the LinkedIn breach way back in 2012.
I didn’t think there was much I could do about this, but a recent tweet by my friend Per Thorsheim sent me down the rabbit hole.